Senior Manager, Threat Intelligence & Detection Engineering (Hybrid - Seattle)

Job Description

We are looking for an experienced and visionary Senior Manager of Threat Intelligence and Detection Engineering to lead our proactive defense initiatives. In this role, you will oversee the development and refinement of our threat detection capabilities, leverage intelligence to anticipate and mitigate threats, and guide a team of threat analysts and detection engineers. You will play a critical role in advancing our threat-informed defense strategy and maturing our security operations program.

Responsibilities

• Develop and execute the strategic roadmap for threat intelligence, detection engineering, and threat hunting programs across multiple business units
• Build, lead, and mentor a high-performing team of detection engineers, threat analysts, and hunters
• Serve as the primary subject matter expert and strategic advisor to executive leadership on evolving threat landscapes, defensive priorities, and organizational risk posture
• Operationalize threat intelligence by integrating internal and external intel into detection engineering workflows
• Maintain and evolve threat intelligence sources (commercial, open-source, government) to inform risk posture and detection priorities
• Deliver actionable threat assessments and briefings tailored to technical and executive stakeholders
• Lead the full detection engineering lifecycle including threat modeling, detection logic development using query languages (KQL, SPL, SQL), testing with attack simulation frameworks, automated deployment via CI/CD, and continuous tuning based on performance metrics
• Drive development of advanced behavior-based, anomaly detections, and AI/ML-powered detection systems aligned with MITRE ATT&CK and emerging threat actor TTPs
• Establish strategic partnerships with red team, SOC and incident response management to ensure comprehensive detection coverage and proactive visibility gap closure
• Lead enterprise-wide collaboration with cloud architects, infrastructure leadership, and application development teams to enhance telemetry strategies and ensure scalable detection across complex hybrid and multi-cloud environments
• Drive strategic contributions to enterprise incident response frameworks, lead tabletop exercises, and oversee purple team program development to continuously test and improve organizational defenses
• Champion automation initiatives and establish data-driven decision-making frameworks across all threat detection and response operations
• Define, implement, and report on enterprise-level key performance indicators (KPIs) for detection effectiveness, operational efficiency, false positive optimization, and mean time to detection (MTTD) across the organization
• Integrate security detection into CI/CD pipelines and support DevSecOps initiatives
• Manage budgets, vendor relationships, and technology investments for threat intelligence and detection engineering programs
• Establish and maintain strategic relationships with industry peers, threat intelligence communities, and security vendors

Required Qualifications

• Bachelors Degree in Information Technology, Computer Science, Data Science or related experience required.
• 8+ years in information security with a focus on threat intelligence, detection engineering, or security operations
• 3-5 years in a leadership or management role with a track record of leading high-performing technical teams
• Deep expertise in attacker behaviors, threat actor TTPs, campaigns, and threat landscape evolution across multiple industry verticals
• Extensive experience designing, implementing, and optimizing enterprise-scale detections across multiple SIEMs (e.g., Splunk, Sentinel, Chronicle), EDR/XDR platforms (e.g., CrowdStrike, Defender, SentinelOne), and cloud-native security tools
• Strong working knowledge of MITRE ATT&CK, threat modeling, and structured threat intelligence formats (e.g., STIX, TAXII)
• Proficiency in Python, PowerShell, and at least one other programming language for detection engineering and automation
• Experience with detection-as-code practices and version control (Git)
• Knowledge of threat hunting methodologies and hypothesis-driven investigations
• Comprehensive understanding of NIST Cybersecurity Framework, ISO 27001, SOC 2, and other compliance requirements with implementation experience
• Hands-on experience in cloud environments (AWS, Azure, Google Cloud Platform) and containerized workloads (e.g., Kubernetes, ECS) preferred
• Experience with threat intelligence platforms (e.g., ThreatConnect, MISP, Anomali) and CTI frameworks (e.g., Diamond Model, Kill Chain) is a plus
• Advanced knowledge of SOAR platforms (Phantom, Demisto, Swimlane) and enterprise security orchestration
• Experience with AI/ML-driven detection systems and automated response orchestration is a plus
• API development and integration for security tooling experience preferred
• Container security and Kubernetes threat detection knowledge is a plus
• Experience with deception technology and honeypot deployment preferred
• Industry certifications (e.g., GCTI, GCIA, GDAT, GCED, GCFA, GSEC, CISSP) preferred; cloud security certifications (AWS Security Specialty, Azure Security Engineer) are a plus

We've got you covered...

Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

• Medical/Vision, Dental, Retirement and Paid Time Away
• Life Insurance and Disability
• Merchandise Discount and EAP Resources

A few more important points...

The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

Nordstrom conducts background checks and considers qualified applicants with criminal histories in a manner consistent with all legal requirements.

Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at

Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQ's for relevant information and guidelines.

2022 Nordstrom, Inc

Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

Pay Range Details

The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations.
Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.
$191,000.00 - $297,000.00 Annual

This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: _Overview_17-19.pdf